Firmware update URL?

---

GamerHonu wrote:

Does anyone know the URL that Orbi is using to automatically check for firmware updates? Thanks!

---

To my enormous surprise, it doesn't use HTTP.  It does a passive anonymous FTP connection to updates1.netgear.com (216.151.177.114) and hits directory "rbr50/us" (which fails).  It then tries again (by disconnecting and reconnecting) and hits directory "rbr50/ww", looking at fileinfo.txt to see if an update is available.  (I'm already updated, so I'm not sure what it does next - the directories and files are hidden.)

The content of fileinfo.txt appears to be binary, despite the extension, and contains a _lot_ more data than one would expect for a simple version marker (it's currenly 6948 bytes in size and filled with data).

There is a "rbs50/ww" directory as well, which I assume the satellite uses.

You do get a fun scary banner on connect:

230-
230- ---------------------------------------------------------------------------
230- WARNING:  This is a restricted access system.  If you do not have explicit
230-           permission to access this system, please disconnect immediately!
230 ----------------------------------------------------------------------------

I don't know, if as an owner of the device, if I have explicit permission to access, but I'm willing to live dangerously.  *laughs*

Note that it will ONLY use unencrypted FTP - there is no HTTP(S) fallback.  If you block port 21 outbound, a firmware update check results in "Service unreachable" on the router...take note, outbound firewall lovers!

(I'd really, REALLY like to see this done in a much more secure way - this method is not only ancient and firewall-unfriendly, it's completely insecure and wide-open to MITM injection attacks.  HTTPS/TLS with certificate validation would be an infinitely better option.)

Rodney